IOC Radar
IP · Medium · Signal 69/100

199.45.155.98

Location: United States (Hong Kong, Kowloon)
ASN: AS398722 (Censys, Inc.)
First Seen: Jan 25, 2024 (871d ago)
Last Seen: Jun 3, 2026 (11d ago)
Reports: 42 source reports
Confidence: 69% (medium)
Found in 42 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 69%
Signal Score: 69 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 89 techniques

Network Information

Country: US (United States)
Region: Hong Kong, Kowloon
ASN: AS398722
Organization: Censys, Inc.

IP Category

Proxy (proxy server)
VPN (VPN exit node)

Feed Intelligence Summary

Source reports: 42
Confidence score: 69%
Category tags:
abuseabuseipdbaccessaccess controlaccount compromiseactive scanactive scanningadbadb exploitationadb scanadbhoney activityadbhoney exploitationadbhoney honeypotamerican expressanomalous network connectionsapacheapache attackeraptasiaasset discoveryattackattack preparatoryattacker ipattacker-ipattempted-intrusionaustraliaauthentication abuseauthentication attacksauthentication attemptauthentication attemptsauto-generated securityautomated attackautomated attacksautomated enumerationautomated reconnaissance activityautomated threatautomated-attackautomated_attackbad reputationbad web botbeningbening scannerblock listblock.txtblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackbrute_forcebrute_force_attackbruteforcec2c2 communicationc2 servercanadacensys-benignchinachina mobileciscocisco devicecisco device attackcisco device targetingcisco exploit attemptscisco exploitationcisco exploitation attemptcisco exploitation attemptscisco_device_attackcitrix securityclosecloud environmentcloud infrastructurecloud infrastructure attackcloud servicescncode executioncode injectioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompany limitedcompromise attemptcompromised credentialscompromised hostcompromised hostscompromised system detectioncompromised systemsconnected devicesconpot attacksconpot exploitationconpot honeypotcontainer securitycowriecowrie activitycowrie attackcowrie attackscowrie datacowrie honeypotcowrie interactioncowrie interactionscowrie logscowrie ssh attackcowrie ssh attackscowrie ssh honeypotcowrie ssh interactioncredential accesscredential attackcredential attackscredential brute forcecredential brute forcingcredential compromisecredential guessingcredential harvestingcredential stuffingcredential-accesscredential-stuffingcredential_stuffingctacurldaily_sourcesdata encryptiondata 
exfiltrationdata exfiltration attemptdata harvesting attemptsdata store exposuredata theftdatabase activitydatabase attackdatabase attacksdatabase exploitationdatabase login attemptdatabase probingdatabase securitydatabase_serverdcerpcddosddos attackddos preparationddospotdecoy systemdefense evasiondenial of servicedenial-of-servicedenial-of-service attemptdevice managementdhcpdictionary attackdictionary_attackdigital oceandionaeadionaea activitydionaea attackdionaea attacksdionaea honeypotdionaea interactionsdionaea malware collectiondionaea payloadsdirectory traversal probedistributed attacksdnsdns attackdockerelasticpot activityelasticpot honeypotelasticsearchelasticsearch monitoringemailemail-serversencryptionenterprise networkingenterprise securityenumerationeu cyber policieseuropeexecutable fileexfiltrationexploitexploit attemptexploit attemptsexploit kitexploit probingexploit scanexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploitation_attemptexploited hostexternal access attemptsexternal threatexternal-scanningextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefin scanfinlandfrancefraud voipftpftp activityftp attackftp attacksftp brute forceftp brute-forcegalahgeckogermanygithubgluttongopotgroupshackinghellohellpotheralding activityhkhk abusehandlerhoneynet connecthoneytrap activityhoneytrap datahoneytrap eventshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttp/shttpshttps scanninghuaweihurricane usics securityidentity & access exploitationimapimap attackindicatorindicators of compromiseindustrial control systemsindustrial iotinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinitial access attemptinitial_accessinjection activityinjection attacksintel macinternet exposedinternet of thingsinternet-facinginternet-facing 
assetsinternet-facing serviceinternet-wide scanintrusion detectioniociocsiot analyticsiot applicationsiot device targetingiot exploitationiot platformsiot securityiot targetediot/ics attackiot_attackipmi scanipphoney honeypotipv4ipv4_addresskfsensor honeypotkhtmlkibanalamplamp attacklamp attackslamp exploitationlamp exploitation attemptslamp server attacklamp server targetlamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack targetinglamp_stack_attacklateral movementlateral movement techniqueslcialdaplinuxlinux serverslinux systemslinux x8664linux-server-attacklinux_server_attackslog4potloginlogin attemptlogin attemptsmailoney activitymailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious activity detectedmalicious code detectionmalicious email activitymalicious file transfermalicious ip activitymalicious ip addressesmalicious network activitymalicious payloadmalicious payload attemptsmalicious sftp activitymalicious sip activitymalicious softwaremalicious ssh activitymalicious trafficmalicious-activitymalicious-login-attemptsmalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware downloadmalware payloadmalware_activitymanualmedpotmobilemobile securitymonthlymssqlmssql brute forcemysql brute forcenation-state activitynetworknetwork attacksnetwork devicesnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork monitoringnetwork port scanningnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork-devicesnetwork-reconnaissancenetwork-scanningnetwork_reconnaissancenorth americantpnull scanoceaniaopen proxyopenctioracleos fingerprintingos xp0fp0f os 
fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpgp signphishingphishing attackphishing trapping of deathpolandport-scanningportscanpossible botnet activitypossible exploit probingpossible malware activitypossible malware deploymentpossible malware distributionpossible malware hostingpossible malware propagationpossible mirai variantpostgrespotential botnetpotential credential compromisepotential exploit attemptspotential intrusionpotential malicious activitypotential malware activitypotential malware deliverypotential malware distributionpotential threat actorprivilege escalationprobingprocess injectionprotocol exploitationprotocol-abuseproxyproxy accesspythonransomwarerdp attacksreconnaissancereconnaissance activityredisredis exploitationredis honeypotredishoneypot activityregional securityremote accessremote access abuseremote access attackremote access attemptremote access attemptsremote loginremote servicesremote_access_serviceresearchedresource hijackingrtbhsansscams & fraudscanscannerscanner detectionscannersscanning activityscriptscripting attackssecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionsentrypeer eventssentrypeer interactionsserver exploitationservice enumerationservice scanservice scanningsftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp-attackshell accessshell access attemptsipsip attackssip brute forcesip scanningsip vulnerability exploitationsip vulnerability scansippslugsmart devicessmbsmb attackssmb brute forcesmtpsmtp attacksmtp attackersmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresnmpsocial engineeringsocks5socradar honeypotsoftware exploitationsourcespamsql injectionsql injection attemptsql injection attemptssql injection probesshssh attackssh attacksssh monitoringssh-brute-forcesurface websuricata alertsuricata alertssyn scansystem accesssystem 
disruptiont-pott1005t1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1064t1065t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1204.002t1210t1486t1490t1496t1499.001t1499.002t1499.003t1505.002t1505.004t1550t1550.002t1550.003t1555t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1588t1588.002t1588.006t1589t1590t1590.001t1590.004t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner exploit detectiontanner incidenttanner interactionstargeting databasetcp protocoltcp scantcp-scanningtelecommunicationtelecommunicationstelnettelnet attackstelnet threattelnet-brute-forcethreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventiontimeouttop10.txttopips.txttor nodetpottpotcettpsubuntuudp port scanudp scanudp-scanningunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunauthorized login attemptunauthorized network activityunauthorized probingunauthorized-access-attemptunidentified attackerunited kingdomunited statesunknown threat actorunusual network trafficusus abuseus nonevalid accountsverified-benignvncvnc protocolvoidtrapvoipvoip attackvpnvpn ipvulnerability scanvultrweb app attackweb application attackweb application attacksweb application scanningweb attackweb attacksweb crawling detectionweb exploitweb exploitationweb exploitsweb login attemptweb scannerweb serverweb server attacksweb serversweb shellweb shell uploadweb shell uploadsweb spamweb trafficweb-application-attackweb-application-attacksweb-serversweb_attackweb_serverwebscanwebscannerwestpac new zealandwgetwindows ntwordpotxmas scan

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap

[Heatmap: weekly activity grid, Jun through Jun of the following year; Peak: 2026-06-03]
Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 69 (Medium Risk)
Signal Score: 69
Confidence: 69%
Reports: 42
First seen: Jan 25, 2024
Last seen: Jun 3, 2026
Geolocation: US
Country: United States
Location: Hong Kong, Kowloon
ASN: AS398722
Org: Censys, Inc.
Coords: 22.3193, 114.1690
Category: Proxy / VPN

VirusTotal: Not checked

WHOIS

Description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot

Raw:
NetRange: 199.45.154.0 - 199.45.155.255
CIDR: 199.45.154.0/23
NetName: CENSY
NetHandle: NET-199-45-154-0-1
Parent: NET199 (NET-199-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398722
Organization: Censys, Inc. (CENSY)
RegDate: 2022-10-26
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/199.45.154.0
OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY
OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

References:
https://github.com/telekom-security/tpotce
https://list.rtbh.com.tr/output.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 11 days ago
Appeared in 42 threat reports